Security

You can control some aspects of security directly from the Cockpit, under the Content Delivery tab: blocking IP addresses and viewing WAF statistics for your domains.

Block IPs

If you identify a malicious IP address, or need to block addresses for any other reason, you can block them directly from the Cockpit.

This applies only if Fastly is your CDN, because the block list is enforced by Fastly. If you use a different CDN, block the addresses at your ingress instead.

Instructions

You can block a single IP address (or range) by entering it manually, or a list of addresses by importing a CSV file.

  1. Go to Content delivery > Block IP.

  2. Select the desired Cluster Id from the dropdown list.

  3. Choose to block a single IP or import a list to block:

    • Block IP (a single address or range)

      1. Click Block IP.

      2. Enter the IP address or CIDR[1] range.

        If you enter a bare address without a prefix length, the appropriate prefix (/32 for IPv4 or /128 for IPv6) is appended automatically.

      3. Add a comment describing why the address is blocked.

      4. Click Block IP.

    • Block multiple IPs (CSV import)

      1. Click Block IP (CSV).

      2. Select the file you wish to upload.

      3. Click Block IP (CSV).

        See the entry format and example CSV file below these instructions.

    CSV entry format

    CIDR[1],Comment

    One entry per line. Give ranges as the network address with the host bits zero (for example 192.0.2.0/24, not 192.0.2.1/24) so that the range you upload is unambiguous. The comment is optional.

    Example CSV file (using documentation address ranges)

    192.0.2.0/24,documentation network range
    198.51.100.17/32,
    2001:db8::1234:abcd:ffff:c0a8:101/128
    203.0.113.0/24,"commas, in, a, comment, example" (1)
    1 Comments are optional. However, if a comment contains commas, wrap the whole comment in double quotation marks. Otherwise the text after each comma is read as a separate field and the line is malformed.
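The following script is an added example, not part of the Magnolia PaaS docs or the Cockpit. It validates a Block IP (CSV) file against the format above before you upload it: it parses `CIDR,Comment` rows, accepts quoted comments containing commas, and flags rows that the quoting rule would break. Two behaviours are this script's own assumptions rather than statements of the page: a bare address without a prefix length is normalized to /32 or /128 (as the single-IP form of the Cockpit does), and a prefix with host bits set (192.0.2.1/12) is rejected rather than silently masked. The sample file is constructed from RFC 5737 and RFC 3849 documentation addresses.

```python
"""Validate and normalize a Cockpit "Block IP (CSV)" file before uploading it.

Added example, not part of the Magnolia PaaS docs or the Cockpit itself.
Format checked, one entry per line:
    CIDR,Comment
The comment is optional and must be wrapped in double quotes if it contains
commas. Assumptions of this script (not stated by the page): a bare address
is normalized to /32 or /128, and a prefix with host bits set is rejected.
"""
import csv
import io
import ipaddress


def parse_block_list(text):
    """Parse CSV text; return (entries, errors).

    entries: list of (normalized CIDR string, comment) in file order.
    errors:  human-readable messages, one per rejected line.
    """
    entries, errors = [], []
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        lineno = reader.line_num
        if not row or not row[0].strip():
            continue  # blank line
        if len(row) > 2:
            errors.append(
                f"line {lineno}: {len(row)} fields, expected at most 2; "
                "wrap a comment that contains commas in double quotes"
            )
            continue
        cidr = row[0].strip()
        comment = row[1].strip() if len(row) == 2 else ""
        try:
            if "/" in cidr:
                # strict=True rejects host bits set inside the prefix
                net = ipaddress.ip_network(cidr, strict=True)
            else:
                # bare address: append /32 or /128, as the Cockpit UI does
                addr = ipaddress.ip_address(cidr)
                net = ipaddress.ip_network(f"{addr}/{addr.max_prefixlen}")
        except ValueError as exc:
            errors.append(f"line {lineno}: {cidr!r}: {exc}")
            continue
        entries.append((net.with_prefixlen, comment))
    return entries, errors


def render_block_list(entries):
    """Write entries back out in the Cockpit CSV format.

    csv.writer quotes a comment only when it needs it (it contains a comma
    or a quote), which is exactly the rule the page gives.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for net, comment in entries:
        writer.writerow([net, comment] if comment else [net])
    return buf.getvalue()


# Constructed sample file using RFC 5737 / RFC 3849 documentation addresses.
SAMPLE = """203.0.113.0/24,documentation range
198.51.100.17,
2001:db8::1
2001:db8:abcd::/48,"commas, in, a, comment"
192.0.2.1/12,host bits set inside the prefix
192.0.2.0/24,unquoted, comment, with, commas
"""

if __name__ == "__main__":
    ok, bad = parse_block_list(SAMPLE)
    for msg in bad:
        print("REJECTED", msg)
    print(render_block_list(ok), end="")
```

Run it over your own file (`parse_block_list(open(path).read())`) and upload only the output of `render_block_list` once `errors` is empty; the two rejected sample rows show the two mistakes the validator is there to catch.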

Remove a blocked IP (unblock)

  1. Go to Content delivery > Block IP.

  2. Select the desired Cluster Id from the dropdown list.

  3. In the list of currently blocked IPs, expand the entry using the accordion icon on the right and delete the IP.

Webapp firewall

Web Application Firewalls (WAFs) protect web applications from common attacks such as cross-site scripting (XSS) and SQL injection. Essentially, they act as a wall or shield between the internet and your web application, inspecting requests before they reach it. If you bring your own CDN for your project, you will likely also have your own WAF.

If you choose the default CDN for Magnolia PaaS, you are protected by the Fastly WAF.

The Fastly WAF inspects web traffic at the HTTP application layer, examining all HTTP and HTTPS requests (headers and body). Its rules can be configured specifically for your deployment.

View WAF information

To view passed, logged, and blocked requests for your WAF:

  1. Go to Content delivery > WAF.

  2. Select the desired Cluster Id from the dropdown list.

  3. Select the desired Domain Name from the dropdown list.

  4. Select the Range for the statistics.

See the WAF graphs below for more details on each metric.

WAF graphs

The Traffic tab summarizes requests by WAF status, and the Origin tab shows where blocked requests come from geographically. The Blocked tab shows which attack types, rules, and paths are hit most often, and the IP tab shows the top attacking IP addresses.

Traffic

Under the Traffic tab, you can view the following:

Metric and description

Total requests

Displays the total requests to the WAF in the specified time period.


Total blocked requests

Displays the total blocked requests to the WAF in the specified time period.


Total requests per WAF status

Displays the total requests broken down by WAF status.

Unlike the other Traffic metrics, this chart is not limited to the selected range; it shows the total requests per status over all time.
  • PASSED = Passed by the WAF and sent to the origin server.

  • LOGGED = Logged by the WAF and sent to the origin server.

  • BLOCKED = Blocked by the WAF.


Total requests per WAF status over time

Displays the total requests broken down by WAF status by the time period.

This is for the specified period, and you can drag over the graph to get even more granular results.
The statuses are the same as in the chart above (PASSED, LOGGED, BLOCKED).

Origin

Under the Origin tab, you can view the following:

Metric and description

Blocked requests per zone

Displays, on a world map, the number of blocked requests per geographic zone from which the requests originated. Here "origin" means the geographic source of the client request, not the origin server to which the WAF forwards passed requests.

You can zoom in and out just as you would on any other modern web map.

Blocked

Under the Blocked tab, you can view the following:

Metric and description

Attacks per type

Shows the attacks per attack type (for example SQL injection or XSS) for the selected cluster, domain, and time period.

Attacks per rule

Shows the attacks per WAF rule that matched, for the selected cluster, domain, and time period. This tells you which rules are doing the work, and which to investigate if legitimate traffic is being blocked.

Web Application Firewall (WAF) explains more about rules.

Attacks per path

Shows the attacks per request path (the URL path targeted) for the selected cluster, domain, and time period.

IP

Under the IP tab, you can view the following:

Metric and description

Top 10 IPs

Shows the 10 client IP addresses from which the most attacks were detected for the selected cluster, domain, and time period. Addresses that keep appearing across time ranges are candidates for the Block IP list (see Block IPs above).

Attack per IP

Shows the volume of attacks per client IP address for the selected cluster, domain, and time period.
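The following script is an added example, not Magnolia's or Fastly's code. It computes the figures the Traffic, Blocked and IP tabs display from per-request WAF records, and then turns the top attacking IPs into a Block IP (CSV) list, which is the workflow these views are usually used for. The record layout (timestamp, WAF status, client IP, attack type, rule, path), the placeholder rule names and the sample rows are constructed for illustration; a real export will use different field names. The status values PASSED, LOGGED and BLOCKED are the ones the page defines, and it is assumed that the IP tab's addresses are the client (source) IPs of the flagged requests.

```python
"""Derive the Cockpit WAF-tab figures (Traffic, Blocked, IP) from per-request
records and turn the top attacking IPs into a Block IP (CSV) list.

Added example; not Magnolia's or Fastly's code. The record layout and the
sample rows are constructed. Statuses PASSED/LOGGED/BLOCKED follow the page.
"""
import csv
import io
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: (timestamp, status, client_ip, attack_type, rule, path).
# Rule names are placeholders, not real Fastly rule identifiers.
RECORDS = [
    ("2024-05-01T10:02:00Z", "PASSED",  "198.51.100.10", None,   None,        "/"),
    ("2024-05-01T10:05:00Z", "BLOCKED", "203.0.113.7",   "SQLI", "rule-sqli", "/login"),
    ("2024-05-01T10:07:00Z", "BLOCKED", "203.0.113.7",   "SQLI", "rule-sqli", "/login"),
    ("2024-05-01T10:09:00Z", "LOGGED",  "203.0.113.9",   "XSS",  "rule-xss",  "/search"),
    ("2024-05-01T11:01:00Z", "BLOCKED", "203.0.113.7",   "XSS",  "rule-xss",  "/search"),
    ("2024-05-01T11:03:00Z", "PASSED",  "198.51.100.11", None,   None,        "/about"),
    ("2024-05-01T11:04:00Z", "BLOCKED", "203.0.113.9",   "LFI",  "rule-lfi",  "/../etc/passwd"),
]

# Statuses in which the WAF matched a rule (LOGGED still reaches the origin).
ATTACK_STATUSES = ("LOGGED", "BLOCKED")


def traffic_summary(records):
    """Traffic tab: total requests, total blocked, and requests per WAF status."""
    per_status = Counter(r[1] for r in records)
    return {"total": len(records), "blocked": per_status["BLOCKED"],
            "per_status": dict(per_status)}


def per_status_over_time(records):
    """Traffic tab: requests per WAF status in hourly buckets, sorted by hour."""
    buckets = defaultdict(Counter)
    for ts, status, *_ in records:
        hour = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").strftime("%Y-%m-%dT%H:00Z")
        buckets[hour][status] += 1
    return {hour: dict(c) for hour, c in sorted(buckets.items())}


def blocked_breakdown(records):
    """Blocked tab: blocked requests per attack type, per rule and per path."""
    blocked = [r for r in records if r[1] == "BLOCKED"]
    return {
        "per_type": dict(Counter(r[3] for r in blocked)),
        "per_rule": dict(Counter(r[4] for r in blocked)),
        "per_path": dict(Counter(r[5] for r in blocked)),
    }


def top_ips(records, n=10):
    """IP tab: client IPs ranked by number of logged or blocked requests."""
    hits = Counter(r[2] for r in records if r[1] in ATTACK_STATUSES)
    return hits.most_common(n)


def block_csv_for_top_ips(records, min_hits=2):
    """Emit a Block IP (CSV) list for client IPs with at least min_hits attacks.

    Each address becomes a /32 or /128 entry; the comment lists the attack
    types and is quoted automatically because it contains commas.
    """
    types = defaultdict(set)
    for _ts, status, ip, attack_type, _rule, _path in records:
        if status in ATTACK_STATUSES:
            types[ip].add(attack_type)
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for ip, hits in top_ips(records):
        if hits < min_hits:
            break  # most_common() is sorted, so nothing after this qualifies
        addr = ipaddress.ip_address(ip)
        comment = f"{hits} WAF hits, types: {', '.join(sorted(types[ip]))}"
        writer.writerow([f"{addr}/{addr.max_prefixlen}", comment])
    return buf.getvalue()


if __name__ == "__main__":
    print(traffic_summary(RECORDS))
    print(per_status_over_time(RECORDS))
    print(blocked_breakdown(RECORDS))
    print(top_ips(RECORDS))
    print(block_csv_for_top_ips(RECORDS), end="")
```

Note that `top_ips` counts LOGGED as well as BLOCKED requests: a rule in logging mode still identifies the attacker, and the `min_hits` threshold keeps a single false positive from landing a legitimate client on the block list.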


1. Classless Inter-Domain Routing (CIDR) notation: an address followed by a prefix length, for example 192.0.2.0/24.